cookieauth works with static Admin.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2208 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 19 years ago
parent 45b39ee1be
commit 6fe2fed87e

@ -50,6 +50,7 @@ import java.io.IOException;
import de.anomic.data.userDB;
import de.anomic.http.httpHeader;
import de.anomic.kelondro.kelondroBase64Order;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverCodings;
import de.anomic.server.serverObjects;
@ -57,17 +58,6 @@ import de.anomic.server.serverSwitch;
public class User{
private static String getLoginToken(String cookies){
String[] cookie=cookies.split(";"); //TODO: Mozilla uses
String[] pair;
for(int i=0;i<cookie.length;i++){
pair=cookie[i].split("=");
if(pair[0].trim().equals("login")){
return pair[1].trim();
}
}
return "";
}
public static serverObjects respond(httpHeader header, serverObjects post, serverSwitch env) {
serverObjects prop = new serverObjects();
plasmaSwitchboard sb = plasmaSwitchboard.getSwitchboard();
@ -83,7 +73,7 @@ public class User{
prop.put("logged-in_identified-by", 1);
//try via cookie
}else{
entry=sb.userDB.cookieAuth(getLoginToken(header.getHeaderCookies()));
entry=sb.userDB.cookieAuth(userDB.getLoginToken(header.getHeaderCookies()));
prop.put("logged-in_identified-by", 2);
//try via ip
if(entry == null){
@ -117,17 +107,30 @@ public class User{
//TODO: this does not work for a static admin, yet.
}else if(post != null && post.containsKey("username") && post.containsKey("password")){
//entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"));
if(entry != null){
String username=(String)post.get("username");
String password=(String)post.get("password");
entry=sb.userDB.passwordAuth(username, password);
boolean staticAdmin = sb.getConfig("adminAccountBase64MD5", "").equals(
serverCodings.encodeMD5Hex(
kelondroBase64Order.standardCoder.encodeString(username + ":" + password)
)
);
String cookie="";
if(entry != null)
//set a random token in a cookie
String cookie=sb.userDB.getCookie(entry);
cookie=sb.userDB.getCookie(entry);
else if(staticAdmin)
cookie=sb.userDB.getAdminCookie();
if(entry != null || staticAdmin){
httpHeader outgoingHeader=new httpHeader();
outgoingHeader.setCookie("login", cookie);
prop.setOutgoingHeader(outgoingHeader);
prop.put("logged-in", 1);
prop.put("logged-in_identified-by", 1);
prop.put("logged-in_username", entry.getUserName());
prop.put("logged-in_username", username);
if(post.containsKey("returnto")){
prop.put("LOCATION", (String)post.get("returnto"));
}
@ -158,7 +161,7 @@ public class User{
if(post!=null && post.containsKey("logout")){
prop.put("logged-in",0);
if(entry != null){
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), getLoginToken(header.getHeaderCookies())); //todo: logout cookie
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
}
if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
prop.put("AUTHENTICATE","admin log-in");
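Review bot: The logout branch `if(entry != null){ entry.logout(...); }` never invalidates a static-admin session: on the static-admin login path `entry` stays null and the token comes from `sb.userDB.getAdminCookie()`, so on logout nothing removes that token from the cookie map and the cookie keeps granting admin rights until the process restarts (the `//todo: logout cookie` comment seems to acknowledge this). The logout code should also drop the token when no entry is present, e.g. via a `userDB` method that removes `getLoginToken(header.getHeaderCookies())` from `cookieUsers` — whether `cookieUsers` is reachable from this servlet is not visible here. Separately, in the login hunk the brace-less `if(entry != null)` with a comment line between the condition and `cookie=sb.userDB.getCookie(entry);` followed by `else if(staticAdmin)` is fragile; braces around both branches would make the dangling-else structure explicit. `respond` starts and ends outside these hunks.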

@ -158,8 +158,11 @@ public final class userDB {
* @param auth a base64 Encoded String, which contains "username:pw".
*/
public Entry proxyAuth(String auth) {
if(auth==null)
return null;
Entry entry=null;
auth=auth.trim().substring(6);
try{
auth=kelondroBase64Order.standardCoder.decodeString(auth);
}catch(RuntimeException e){} //no valid Base64
@ -184,19 +187,17 @@ public final class userDB {
* @param auth the http-headerline for authorisation
*/
public boolean hasAdminRight(String auth, String ip, String cookies){
return hasAdminRight(auth);
}
public boolean hasAdminRight(String auth){
plasmaSwitchboard sb=plasmaSwitchboard.getSwitchboard();
String adminAccountBase64MD5 = sb.getConfig("adminAccountBase64MD5", "");
userDB.Entry entry = sb.userDB.proxyAuth(auth);
if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) {
Entry entry=proxyAuth(auth);
if(entry != null && entry.hasAdminRight())
return true;
} else if(entry != null && entry.hasAdminRight()){
entry=cookieAuth(cookies);
if(entry != null && entry.hasAdminRight())
return true;
if(cookieAdminAuth(cookies))
return true;
}
return false;
}
/*
* use a ProxyAuth String to authenticate a user and save the ip/username for ipAuth
* @param auth a base64 Encoded String, which contains "username:pw".
@ -262,16 +263,45 @@ public final class userDB {
return entry;
}
public Entry cookieAuth(String cookieString){
if(cookieUsers.containsKey(cookieString))
return (Entry) cookieUsers.get(cookieString);
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
if(entry instanceof Entry) //String would mean static Admin
return (Entry)entry;
}
return null;
}
public boolean cookieAdminAuth(String cookieString){
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
if(entry instanceof String && entry.equals("admin"))
return true;
}
return false;
}
public String getCookie(Entry entry){
Random r = new Random();
String token = Long.toString(Math.abs(r.nextLong()), 36);
cookieUsers.put(token, entry);
return token;
}
public String getAdminCookie(){
Random r = new Random();
String token = Long.toString(Math.abs(r.nextLong()), 36);
cookieUsers.put(token, "admin");
return token;
}
public static String getLoginToken(String cookies){
String[] cookie=cookies.split(";"); //TODO: Mozilla uses "; "
String[] pair;
for(int i=0;i<cookie.length;i++){
pair=cookie[i].split("=");
if(pair[0].trim().equals("login")){
return pair[1].trim();
}
}
return "";
}
public class Entry {
public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
@ -529,7 +559,8 @@ public final class userDB {
return new HashSet().iterator();
}
}
public class userIterator implements Iterator {
// the iterator iterates all userNames
kelondroDyn.dynKeyIterator userIter;
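Review bot: `getCookie` and `getAdminCookie` derive the session token from `new Random()`, whose output is predictable from its seed, so the login cookie that grants admin rights should be generated from `java.security.SecureRandom` instead; `Math.abs(r.nextLong())` also yields a negative value for `Long.MIN_VALUE`, producing a token with a leading `-`. The two methods duplicate the token generation, so a single private helper can replace both bodies, as sketched below. Note also that tokens placed in `cookieUsers` have no expiry and the admin token is never removed, so the map grows and old tokens stay valid until restart.

```java
// one token source for both user and static-admin cookies
private static final java.security.SecureRandom TOKEN_RANDOM = new java.security.SecureRandom();

private static String newToken(){
    byte[] bytes = new byte[16];
    TOKEN_RANDOM.nextBytes(bytes);
    return new java.math.BigInteger(1, bytes).toString(36);
}
public String getCookie(Entry entry){
    String token = newToken();
    cookieUsers.put(token, entry);
    return token;
}
public String getAdminCookie(){
    String token = newToken();
    cookieUsers.put(token, "admin");
    return token;
}
// … unchanged: getLoginToken, Entry …
```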

@ -318,7 +318,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
if( (authorization != null && sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))){
if( (authorization != null && (sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))|| sb.staticAdminAuthenticated(authorization)==4)){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
}else if (authorization == null) {
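Review bot: The new condition passes the same `authorization` value to both `sb.userDB.hasAdminRight(...)` and `sb.staticAdminAuthenticated(authorization)`, but the two appear to expect different inputs: `hasAdminRight` hands the value to `proxyAuth`, which strips the first six characters itself, while `plasmaSwitchboard.adminAuthenticated` strips `substring(6)` before calling `staticAdminAuthenticated` and that method MD5-hashes its argument as-is. If `authorization` here is the full header value, the `==4` branch can never match the stored hash; if it is already the base64 payload, `hasAdminRight` is fed the wrong string. Either strip consistently before the call, e.g. `sb.staticAdminAuthenticated(authorization.trim().substring(6))==4`, or document which form `authorization` carries at this point. The enclosing method starts and ends outside the hunk.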

@ -2021,14 +2021,24 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
}
public int adminAuthenticated(httpHeader header) {
String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
String authorization = ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).trim().substring(6);
int result=0; //wrong pw
int tmp=0;
if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) result = 3; // soft-authenticated for localhost
if (userDB.hasAdminRight((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx"), ((String) header.get("CLIENTIP", "")), header.getHeaderCookies())) return 4; //return, because 4=max
tmp=staticAdminAuthenticated(authorization);
if(tmp>result) result=tmp;
return result;
}
public int staticAdminAuthenticated(String authorization){
if(authorization==null) return 1;
if (authorization.length() == 0) return 1; // no authentication information given
if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) return 3; // soft-authenticated for localhost
String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok
if (userDB.hasAdminRight((String)header.get(httpHeader.AUTHORIZATION, "xxxxxx"))) return 4;
return 0; // wrong password
return 0;
}
public boolean verifyAuthentication(httpHeader header, boolean strict) {
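Review bot: `staticAdminAuthenticated` is a new public method with an undocumented integer contract and an undocumented precondition: the caller at `String authorization = ... .trim().substring(6);` strips the `Basic ` prefix, so the parameter must be the base64 payload only, not the header value. A Javadoc should state that and enumerate the return codes (0 wrong password, 1 no credentials given, 2 no admin password configured, 3 soft localhost authentication, 4 fully authenticated), since `adminAuthenticated` relies on `tmp>result` ordering and httpdFileHandler compares against the literal 4. While there, `adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))` compares hashes with a timing-dependent `String.equals`; `java.security.MessageDigest.isEqual` on the byte forms would avoid that.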
